"Who Counterfeited My Viagra?" Probabilistic Item Removal Detection via RFID Tag Cooperation

We leverage RFID tag cooperation to enforce tampering detection. That is, we provide a set of probabilistic protocols that detect the absence of a tag from a system composed of a set of tags and a reader. Our proposals are able to detect which tag and for how long it has been taken away from the system. The grain of the detection can be tuned with respect to the resources available on the tags. Another merit of our solutions is to provide a proof-of-concept that a small level of cooperation among tags can further extend the range of applications RFID can support, possibly opening new veins of research. The proposed protocols fit the resource constraints of the several classes of RFID available on the market. In particular, the memory requirement ranges from few memory slots to a number of memory slots that is proportional to the number of rounds the presence of a tag is going to be checked. Computation is just one hash per round. This fully fledged set of protocols is thought to trade off the detection grain with the resources on the tag: the finer the item removal detection grain, the more resources a protocol requires. A thorough analysis for the removal detection probability is provided. Finally, extensive simulations support the analytical results, showing the viability of the proposed solutions.

[1]  Matthew J. B. Robshaw,et al.  An Active Attack Against HB +-A Provably Secure Lightweight Authentication Protocol , 2022 .

[2]  Maire O'Neill,et al.  Low-Cost SHA-1 Hash Function Architecture for RFID Tags , 2008 .

[3]  M. Petró‐Turza,et al.  The International Organization for Standardization. , 2003 .

[4]  Nowshad Amin,et al.  Anti-collision protocol development for passive RFID tags , 2007 .

[5]  Bryan Parno,et al.  Unidirectional Key Distribution Across Time and Space with Applications to RFID Security , 2008, USENIX Security Symposium.

[6]  Ari Juels,et al.  "Yoking-proofs" for RFID tags , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[7]  Gene Tsudik A Family of Dunces: Trivial RFID Identification and Authentication Protocols , 2007, Privacy Enhancing Technologies.

[8]  L. Bolotnyy,et al.  Generalized "Yoking-Proofs" for a Group of RFID Tags , 2006, 2006 3rd Annual International Conference on Mobile and Ubiquitous Systems - Workshops.

[9]  Roberto Di Pietro,et al.  Information Confinement, Privacy, and Security in RFID Systems , 2007, ESORICS.

[10]  Frédéric Thiesse,et al.  Extending the EPC network: the potential of RFID in anti-counterfeiting , 2005, SAC '05.

[11]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[12]  Mike Burmester,et al.  Forward-secure RFID Authentication and Key Exchange , 2007, IACR Cryptol. ePrint Arch..

[13]  Mike Burmester,et al.  Provably Secure Grouping-proofs for RFID tags , 2008, IACR Cryptol. ePrint Arch..

[14]  Leonid Bolotnyy,et al.  Generalized "Yoking-Proofs" for a Group of RFID Tags , 2006, 2006 Third Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services.

[15]  Günter Karjoth,et al.  Disabling RFID tags with visible confirmation: clipped tags are silenced , 2005, WPES '05.

[16]  Philippe Oechslin,et al.  A scalable and provably secure hash-based RFID protocol , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[17]  Mike Burmester,et al.  Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols , 2006, 2006 Securecomm and Workshops.

[18]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[19]  Roberto Di Pietro,et al.  eRIPP-FS: Enforcing privacy and security in RFID , 2010, Secur. Commun. Networks.

[20]  Serge Vaudenay,et al.  Mutual authentication in RFID: security and privacy , 2008, ASIACCS '08.

[21]  Gene Tsudik,et al.  YA-TRAP: yet another trivial RFID authentication protocol , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW'06).

[22]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[23]  Klaus Finkenzeller,et al.  Book Reviews: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 2nd ed. , 2004, ACM Queue.

[24]  Juels,et al.  HB and Related Lightweight Authentication Protocols for Secure RFID Tag / Reader Authentication ∗ , 2006 .

[25]  Sarah Spiekermann,et al.  Critical RFID Privacy-Enhancing Technologies , 2009, IEEE Security & Privacy.

[26]  Roberto Di Pietro,et al.  RIPP-FS: An RFID Identification, Privacy Preserving Protocol with Forward Secrecy. , 2007, Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PerComW'07).

[27]  Jaideep Srivastava,et al.  Tag-Splitting: Adaptive Collision Arbitration Protocols for RFID Tag Identification , 2007, IEEE Transactions on Parallel and Distributed Systems.

[28]  Catherine Dehollain,et al.  A global survey on short range low power wireless data transmission architectures for ISM applications , 2001, 2001 International Semiconductor Conference. CAS 2001 Proceedings (Cat. No.01TH8547).

[29]  Davide Zanetti,et al.  Privacy-preserving clone detection for RFID-enabled supply chains , 2010, 2010 IEEE International Conference on RFID (IEEE RFID 2010).

[30]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[31]  Julien Bringer,et al.  HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks , 2006, Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06).

[32]  Brian King,et al.  Securing the Pharmaceutical Supply Chain using RFID , 2007, 2007 International Conference on Multimedia and Ubiquitous Engineering (MUE'07).

[33]  Koutarou Suzuki,et al.  Cryptographic Approach to “Privacy-Friendly” Tags , 2003 .